obsidian-vault-context
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to use a local command-line tool, `obsidian-cli`, to perform file management and UI operations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its interaction with local note content.
  - Ingestion points: The agent reads markdown content from the local directory `/Users/steve/Documents/Main/`.
  - Boundary markers: No delimiters or safety instructions are defined to help the agent distinguish between informational content and malicious instructions embedded within notes.
  - Capability inventory: The agent can perform significant operations, including reading and writing local files (`read_file`, `write`) and executing commands via `obsidian-cli`.
  - Sanitization: The skill lacks any mechanism to sanitize or validate the content retrieved from the Obsidian vault before the agent processes it.
Audit Metadata